Creating a Session
This use case provides an example of using Oracle Identity Cloud Service to create a session after authentication, such as after authenticating using MFA.
Note:
Use this Authenticate API only if you're building your own end-to-end login experience by developing a custom sign-in application to be used by Oracle Identity Cloud Service.
Note:
This Authenticate API can't be used to integrate your applications with Oracle Identity Cloud Service for single sign-on purposes.
Note:
See the other use cases in Using the Authenticate API for information on using the Authenticate API.

Submit the authnToken and the requestState as a FORM POST when the client is done with authentication and MFA, and needs to create a session. For this step, createSession must be listed as a nextOp attribute value in the last response received, and the FORM POST must include one of the following attributes.

/sso/v1/sdk/secure/session endpoint:
requestState: received in the last response
OR
authnToken: received in the last response
AND
authorization: parameter required for secure session
Request Example
The following is an example of the contents of the FORM POST to the /sso/v1/sdk/secure/session endpoint:
requestState=value&authorization=<client sign-in access token>
authnToken=<value received from a previous response>&authorization=<client sign-in access token>
Response Example
The following example shows the contents of the response in standard HTTP format:
HTTP/1.1 302 See Other
Date: Tue, 30 Oct 2018 04:40:05 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Location: https://tenant-base-url/idp/sso (Example URL)
Set-cookie: ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
If createSession isn't listed as a value for the nextOp parameter in the last received response, you may need to create a token before creating a session. If createSession is listed as a value for nextOp, the sdk/session endpoint can be called directly using only the requestState.
Request Example
The following example shows the token request to the /sso/v1/sdk/authenticate endpoint in JSON format:
{
"op":"createToken",
"requestState":"{{requestState}}"
}
Response Example
The following example shows the contents of the response in JSON format:
{
"authnToken":"eyJraWQiOiJ....4IacnWKSQ",
"status":"success"
}
The server checks that no other factor evaluation is needed. If no other evaluation is required, the token is sent in the response.
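The decision described above (post to the session endpoint when createSession is offered or a token is in hand, otherwise request a token first) is shown below as an added example; it is not Oracle's code. The function names, the application/x-www-form-urlencoded content type and the sample values are assumptions, and nothing is sent over the network.

```python
import json
from urllib.parse import urlencode

SESSION_PATH = "/sso/v1/sdk/secure/session"    # from the page
AUTHENTICATE_PATH = "/sso/v1/sdk/authenticate"  # from the page


def next_request(last_response: dict, access_token: str) -> dict:
    """Return the next request (method, path, content_type, body) to make.

    Hypothetical helper: nothing is sent; the caller performs the HTTPS request.
    """
    next_ops = last_response.get("nextOp") or []
    request_state = last_response.get("requestState")
    authn_token = last_response.get("authnToken")

    if authn_token and last_response.get("status") == "success":
        # A createToken response: post the token plus the authorization parameter.
        form = {"authnToken": authn_token, "authorization": access_token}
    elif "createSession" in next_ops and request_state:
        # createSession is offered: requestState identifies the flow.
        form = {"requestState": request_state, "authorization": access_token}
    elif request_state:
        # createSession not offered yet: ask for a token first (JSON body).
        body = json.dumps({"op": "createToken", "requestState": request_state})
        return {"method": "POST", "path": AUTHENTICATE_PATH,
                "content_type": "application/json", "body": body}
    else:
        raise ValueError("response has neither authnToken nor requestState")

    # urlencode percent-encodes '+', '/' and '=' so opaque values survive form
    # decoding on the server; never concatenate them into the body raw.
    return {"method": "POST", "path": SESSION_PATH,
            "content_type": "application/x-www-form-urlencoded",
            "body": urlencode(form)}


def redact(request: dict) -> dict:
    """Copy of a request that is safe to log: the body carries bearer secrets."""
    return {**request, "body": "<redacted>"}


if __name__ == "__main__":
    # Constructed sample response; the requestState value is made up.
    sample = {"status": "success", "nextOp": ["createSession"],
              "requestState": "rs+abc/def=="}
    print(redact(next_request(sample, "ACCESS_TOKEN_PLACEHOLDER")))
```

Log only the redacted form: requestState, authnToken and the client access token are all usable by whoever reads them.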